heroku-config
Quickly rotate AWS credential keys and heroku configs.
Do you have long-term AWS credentials like AWS_ACCESS_KEY_ID
and AWS_SECRET_ACCESS_KEY
deployed to your Heroku applications? When was the last time they were rotated?
Rotating AWS keys is one of the simplest security measures to take. Usually though, we're too busy with developing features and rotating keys take a back seat. This tool automates the boring and manual process of rotating keys. Run this on your CodeBuild, jenkins server, a lambda function, or just manually when you have to.
Usage
heroku-config aws-rotate APP
Example with Output
$ heroku-config aws-rotate protected-oasis-24054
=> heroku config:get AWS_ACCESS_KEY_ID -a protected-oasis-24054
Updating access key for user: bob
Created new access key: AKIAXZ6ODJLQQEXAMPLE
=> heroku config:set AWS_ACCESS_KEY_ID=AKIAXZ6ODJLQQEXAMPLE AWS_SECRET_ACCESS_KEY=sp4gmsuif0XgYG2cPiZbkvl93kTGaeDDhEXAMPLE -a protected-oasis-24054
Setting heroku config variables
Setting AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and restarting protected-oasis-24054... done, v21
AWS_ACCESS_KEY_ID: AKIAXZ6ODJLQQEXAMPLE
AWS_SECRET_ACCESS_KEY: sp4gmsuif0XgYG2cPiZbkvl93kTGaeDDhEXAMPLE
Old access key deleted: AKIAXZ6ODJLQSGEXAMPLE
$
Installation
Or install with RubyGems.
gem install heroku-config
Prerequisite:
The heroku CLI must be installed. This tool calls out to it.
Contributing
- Fork it
- Create your feature branch (
git checkout -b my-new-feature
) - Commit your changes (
git commit -am "Add some feature"
) - Push to the branch (
git push origin my-new-feature
) - Create new Pull Request